Just to be complete, a TCP Dump: Starting tcpick 0.2.1 at 2014-03-11 21 :11 UTC Timeout for connections is 600 tcpick: reading from test.pcap 1 SYN-SENT 10.255.247.241 :39729 > 10.30.77.227 :http 1 SYN-RECEIVED 10.255.247.241 :39729 > 10.30.77.227 :http 1 ESTABLISHED 10.255.247.241 :39729 > 10.30.77.227 :http GET /user HTTP/1.1 TE: deflate,gzip;q=0.3 Keep-Alive: 300 Connection: Keep-Alive, TE Date: Mon, 10 Mar 2014 22:51:06 GMT Authorization: AWS 08V6K45V9KPVK7MIWWMG:tot0rXT4AeYohcRQ0iyGPnAQ+cg= Host: admin.XXXX.liquidweb.com User-Agent: libwww-perl/5.805 display-name: Hello World uid: atc
HTTP/1.1 403 Forbidden Date: Mon, 10 Mar 2014 22:50:36 GMT Server: Apache/2.2.22 (Ubuntu) Accept-Ranges: bytes Content-Length: 78 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/xml <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code></Error> 1 FIN-WAIT- 1 10.255.247.241 :39729 > 10.30.77.227 :http 1 TIME-WAIT 10.255.247.241 :39729 > 10.30.77.227 :http 1 CLOSED 10.255.247.241 :39729 > 10.30.77.227 :http tcpick: done reading from test.pcap 10 packets captured 1 tcp sessions detected ----- Original Message ----- > From: "Steve Carter" <scar...@liquidweb.com> > To: "Yehuda Sadeh" <yeh...@inktank.com> > Cc: ceph-users@lists.ceph.com > Sent: Tuesday, March 11, 2014 4:35:12 PM > Subject: Re: [ceph-users] Access Denied errors > On Mar 10, 2014, at 8:30 PM, Yehuda Sadeh < yeh...@inktank.com > wrote: > > > 2014-03-10 22:59:12.551012 7fec017fa700 10 auth_hdr: > > > > > > GET > > > > > > Mon, 10 Mar 2014 22:59:42 GMT > > > > > > /user > > > > > This is related to the issue. I assume it was signed as /admin/user, > > > but here we just use /user because that what's passed in the URI. Are > > > you accessing the gateway through virtual dns bucket name (e.g., > > > admin.your-domain.com )? > > > Yehuda > > > > 2014-03-10 22:59:12.551103 7fec017fa700 15 calculated > > > digest=R+4z9J6PyXugdHAYJDKJiLPKpWo= > > > > > > 2014-03-10 22:59:12.551113 7fec017fa700 15 > > > auth_sign=OHAxWvf8U8t4CVWq0pKKwxZ2Xko= > > > > > > 2014-03-10 22:59:12.551114 7fec017fa700 15 compare=-3 > > > > > > 2014-03-10 22:59:12.551118 7fec017fa700 10 failed to authorize request > > > > > > 2014-03-10 22:59:12.551295 7fec017fa700 2 req 1:0.020363:s3:GET > > > /user:list_bucket:http status=403 > > > > > > 2014-03-10 22:59:12.551496 7fec017fa700 1 ====== req done req=0x19497c0 > > > http_status=403 ====== > > > > This what our request header looks like. ‘admin’ is the admin bucket. The > request doesn’t appear to be signed as /admin/user. I wonder if the ordering > of our header fields are incorrect insofar as they don’t match the canonical > ordering expected by radosgw/S3 resulting in the digests not matching? > Request: GET http://admin.XXXX.liquidweb.com/user > Date: Tue, 11 Mar 2014 22:52:20 GMT > Authorization: AWS 08V6K45V9KPVK7MIWWMG:VPPhzMiF9bFywTxLbr1peLEwZK4= > User-Agent: libwww-perl/5.805 > display-name: Hello World > uid: atc > Format: json HTTP/1.1 > *** /home/etank/lwlibs/perl/Amazon/S3.pm [298]: Response: HTTP/1.1 403 > Forbidden > Connection: Keep-Alive > Date: Tue, 11 Mar 2014 22:51:47 GMT > Accept-Ranges: bytes > Server: Apache/2.2.22 (Ubuntu) > Content-Length: 78 > Content-Type: application/xml > Client-Date: Tue, 11 Mar 2014 22:52:20 GMT > Client-Peer: 10.30.77.227:80 > Client-Response-Num: 1 > Keep-Alive: timeout=5, max=100 > _______________________________________________ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
